7.6
CVE-2026-24005
- EPSS 0.29%
- Veröffentlicht 25.02.2026 18:53:30
- Zuletzt bearbeitet 05.03.2026 00:42:25
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
OpenKruise PodProbeMarker is Vulnerable to SSRF via Unrestricted Host Field
Kruise provides automated management of large-scale applications on Kubernetes. Prior to versions 1.8.3 and 1.7.5, PodProbeMarker allows defining custom probes with TCPSocket or HTTPGet handlers. The webhook validation does not restrict the Host field in these probe configurations. Since kruise-daemon runs with hostNetwork=true, it executes probes from the node network namespace. An attacker with PodProbeMarker creation permission can specify arbitrary Host values to trigger SSRF from the node, perform port scanning, and receive response feedback through NodePodProbe status messages. Versions 1.8.3 and 1.7.5 patch the issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Openkruise ≫ Kruise Version < 1.7.5
Openkruise ≫ Kruise Version >= 1.8.0 < 1.8.3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.29% | 0.2 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.6 | 2.8 | 4.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
|
| security-advisories@github.com | 0 | 2.8 | 0 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N
|
CWE-918 Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
https://github.com/openkruise/kruise/security/advisories/GHSA-9fj4-3849-rv9g
https://github.com/openkruise/kruise/commit/94364b76adf3e8a1749a31afe809a163bed29613
https://github.com/openkruise/kruise/releases/tag/v1.7.5
https://github.com/openkruise/kruise/releases/tag/v1.8.3